News broke recently of this horrible, tremendous security bug behind a type of SSL encryption that is supposed to protect your data on websites. The Heartbleed bug, which has been around unnoticed for the last two years, means anyone with the knowledge can grab (or could have grabbed) your account logins, credit card details, browsing habits, emails, and more from about two-thirds of the world's websites.

Server administrators and the like are right to freak out about this. User data could have been compromised in the last two years without anyone even being able to detect it.

The Heartbleed Bug site is a great resource for anyone who wants to learn the details behind this bug. Not all sites are affected, but what to do about those sites that have been affected by the bug and quickly patched this week is still unclear.

The thing is, you should change your password for any site that could have been compromised by Heartbleed--including Yahoo, Flickr, OK Cupid, and Zoho. (Here's a list of tests for the top 1000 sites.) But you shouldn't change those passwords until the site in question tells you to (or until you get confirmation that the issue has been fixed). The site's operators need to upgrade to the safe version of OpenSSL, revoke past certificates, and get new certificates in place. If you change your passwords before the site does all these things, your logins can still be compromised.

Long story short, watch out for announcements from websites for when and if you should change your passwords. We're probably all going to have to change plenty, but better to do it when it will actually make a difference. Once you do get the green light, though, change your passwords ASAP. For further reading, see AgileBits' 1Password blog post.

Melanie Pinola is a freelance writer covering all things tech-related. A former IT admin and occasional web developer, she is also the author of LinkedIn in 30 Minutes, a Lifehacker writer, and the Mobile Office Technology expert at About.com.
